Items Tagged with "Cloud Security"

Anybody who works with central IT staff at larger enterprises recognizes the common questions around security and compliance from professional InfoSec teams. Here are some of the general guidelines that all InfoSec departments should consider when thinking about cloud deployments.

People are still stuck on authentication, mainly passwords. We as an industry or customer base haven't been very good at figuring out how to manage identities, without sticking our customers with a million different sites which don't share common identities...

TOS;DR aims to help with what is possibly the biggest lie on the internet, that which users make when they click that they have read, understood and accepted the terms of service of their provider. The fact is that no one reads them but rather vaguely hopes for the best...

The cloud brings a level of agility that allows organizations to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

As we move to broader scale cloud adoption, one would be excused for assuming that we’d reached a point where the definition of what constitutes IaaS is set in stone – true, different vendors package up their virtual servers with different specs, but IaaS is, to a greater or lesser extent, a fixed concept...

Marketing and sales professionals will, inevitably, require cloud-based collaboration processes or they face a potential competitive disadvantage. Therefore, IT executives are best served by investigating the rate at which their employees are using unsanctioned tools that facilitate potential breaches...

It has been 12 years since the US passed a law to facilitate the use of electronic records and electronic signatures. Called the Electronic Signatures in Global and National Commerce Act (ESIGN), its general intent in black and white is quoted in the very first section of the legislation...

The decision was made during the consultation process that universal design and accessibility issues should be outside the scope of the document. That was a necessary decision as the drive was to come up with a readily consumable document that vendors could easily comply with...

If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact with your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...

"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and PaaS have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."

The face of corporate IT changes dramatically with a move to the cloud – no longer do people need to spend time racking and stacking servers, patching software and other low level tasks – the fact is that in the long run individual organizations will not have email server administrators, desktop software support personnel or systems administrators...

Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...

The security market in 2012 is estimated at $60 billion, yet adding more layers of perimeter security may be completely useless against a determined sysadmin working on the inside. The end result is that your data might or might not be secure – you simply have no way to prove it...

BYOD issues continue to cause headaches for IT departments. Security mandates grow exponentially as they struggle to prevent data leaks from private networks onto public clouds. The biggest concerns with public clouds are the loss of data and control of the location of that data...

“With the cloud, you don’t own anything. You already signed it away through the legalistic terms of service with a cloud provider that computer users must agree to... the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it...”